Hello everyone,I am seeking urgent guidance regarding a GCP project suspension. My account was recently suspended, and I received an email stating that the project was engaged in abusive activity consistent with "hijacked resources."The Situation:Access Denied: My production application is currently offline. Whenever I attempt to access the IAM & Admin or APIs & Services dashboard to investigate, I am automatically redirected to the suspension warning page. Unknown Leak: I have audited my frontend/backend/app environment variables (.env) but haven't found any obvious exposures. Account Lockout: Because I cannot access the IAM dashboard or Cloud Logging, I am unable to identify which credential is being abused or delete the compromised keys. Appeal Status: I submitted an appeal over a week ago, but I have not received a response, and my production app remains affected.My Questions:Is there a way to access Cloud Logging or Security Command Center via the SDK or a restricted console view while the project is suspended to identify the source of the abuse (e.g., specific IP addresses or hijacked keys)? Can I programmatically revoke all existing API keys via gcloud or a similar tool if the web console is locked? Are there specific channels to escalate an appeal when the suspension is caused by a hijacked resource rather than a policy violation?Any advice on how to regain enough access to rotate my credentials and secure the project would be greatly appreciated.

I was finally able to resolve this issue. Since the UI redirect completely blocked access to the console, I upgraded to paid support in order to reach a human support agent. Once access was restored, I was able to:Rotate and remove all compromised API keys and credentialsApply strict IP and referrer restrictions to all newly generated keysProvide proof of the implemented security changes for review.After these remediation steps were verified, the suspension was successfully lifted.Key Takeaway:If you are stuck in a redirect loop that prevents access to the console, paid support is a much faster path to recovery than waiting for Google’s standard appeal response. It’s a worthwhile investment to get your production environment back online and properly secured.

Solved

Urgent: GCP Project Suspended for Resource Hijacking - Unable to Access IAM to Rotate Leaked Keys

Forum|Forum|17 days ago
April 23, 2026
9 replies
451 views

rakesh.shrestha
New Member

Hello everyone,

I am seeking urgent guidance regarding a GCP project suspension. My account was recently suspended, and I received an email stating that the project was engaged in abusive activity consistent with "hijacked resources."

The Situation:

Access Denied: My production application is currently offline. Whenever I attempt to access the IAM & Admin or APIs & Services dashboard to investigate, I am automatically redirected to the suspension warning page.
Unknown Leak: I have audited my frontend/backend/app environment variables (.env) but haven't found any obvious exposures.
Account Lockout: Because I cannot access the IAM dashboard or Cloud Logging, I am unable to identify which credential is being abused or delete the compromised keys.
Appeal Status: I submitted an appeal over a week ago, but I have not received a response, and my production app remains affected.

My Questions:

Is there a way to access Cloud Logging or Security Command Center via the SDK or a restricted console view while the project is suspended to identify the source of the abuse (e.g., specific IP addresses or hijacked keys)?
Can I programmatically revoke all existing API keys via gcloud or a similar tool if the web console is locked?
Are there specific channels to escalate an appeal when the suspension is caused by a hijacked resource rather than a policy violation?

Any advice on how to regain enough access to rotate my credentials and secure the project would be greatly appreciated.

Best answer by rakesh.shrestha

I was finally able to resolve this issue. Since the UI redirect completely blocked access to the console, I upgraded to paid support in order to reach a human support agent. Once access was restored, I was able to:

Rotate and remove all compromised API keys and credentials
Apply strict IP and referrer restrictions to all newly generated keys
Provide proof of the implemented security changes for review.

After these remediation steps were verified, the suspension was successfully lifted.

Key Takeaway:
If you are stuck in a redirect loop that prevents access to the console, paid support is a much faster path to recovery than waiting for Google’s standard appeal response. It’s a worthwhile investment to get your production environment back online and properly secured.

Sureshbabu
New Member
Forum|Forum|16 days ago
April 24, 2026

I am also having this problem of suspension for resource hijacking and charges in Google cloud 5500 rupees

+12

kentphelps
Community Manager
Forum|Forum|15 days ago
April 24, 2026

Try Google Admin Toolbox: Recovery Form

Kragekjaer
New Member
Forum|Forum|15 days ago
April 25, 2026

I have been waiting for 3 weeks now, it is not acceptable, and will never recommend Google for anyone.

fernandoredondo
New Member
Forum|Forum|13 days ago
April 27, 2026

@Kragekjaer @rakesh.shrestha

After 3 weeks without any reply I got a email to the Google Cloud Console Appeal Notification email, where they asked if I can describe the problem and what steps I took — something I already included in the original appeal.

So now I’ve waited 3 weeks to give Google the same information, and now I guess I have to wait a few more weeks to get a reply to this email.

Any luck for someone else here?

Kragekjaer
New Member
Forum|Forum|13 days ago
April 27, 2026

This is very frustrating.

I would pay money to get help on this.

kmrtn
Bronze 1
Forum|Forum|8 days ago
May 1, 2026

I agree. This is unacceptable, and unnacceptable to have no recourse to fix ANYTHING look at logs etc. due to getting redirected to appeals page. Even the “Read More” link on the console on the suspension appeal page redirects to the suspesion appeal page. Beyond messed up and ironically means basically google hijacked my project.

rakesh.shrestha
Author
New Member
Answer
Forum|Forum|3 days ago
May 7, 2026

Rotate and remove all compromised API keys and credentials
Apply strict IP and referrer restrictions to all newly generated keys
Provide proof of the implemented security changes for review.

rakesh.shrestha
Author
New Member
Forum|Forum|3 days ago
May 7, 2026

This is very frustrating.

I would pay money to get help on this.

Yes, there is a paid support option, and it was the only way I managed to get this resolved. I upgraded to Standard Support (which starts at around $29/month).

DevDaniel
New Member
Forum|Forum|1 day ago
May 9, 2026

Hello,

I am seeking assistance with a project suspension that has now exceeded the standard review window. My project, MindfulFlow (id: mindfulflow-613bc), was suspended due to an API key compromise that resulted in unauthorized activity.

Case Details:

Appeal Case ID: [removed by moderator]

Initial Suspension Date: April 21, 2026

Last Communication from Google: April 24, 2026 (Request for additional information)

Status: My detailed response was sent on April 24, but I have received no update since.

Remediation Steps Taken:

Key Revocation: I have already revoked the compromised Gemini API key.

Architecture Fix: I have identified that the compromise occurred because the key was embedded in the Android client. I am migrating the app to use Vertex AI for Firebase with App Check to ensure no keys are exposed in the future.

Security Commitment: I have committed to routing all AI requests through Firebase's secure infrastructure.

My app is currently live on the Play Store, and this prolonged suspension is significantly impacting my users. Could a Community Manager please help escalate this case to the Trust & Safety team for a human review?

Thank you for your time and help.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded